xiota [1] filed a deletion request for upg [2]:

Maintainer is upstream dev.  Program looks like a personal system
maintenance script that is dangerous for other users to run.  Does not
belong on AUR.  Maintainer was notified of issues on GitHub last week.
I also commented on AUR, intent to open deletion request.  Maintainer
has not responded.

Review of package and script found the following:

* PKGBUILD does not use checksums or signature, allowing retag to
arbitrary commit.

* Script options are hard-coded with no way for the user to adjust them
without editing the script.  This indicates the script is suitable only
for personal use by the author.

* Script deletes pacman lockfile - could cause significant damage to
system.

* Script modifies grub and initramfs - could make system unbootable
with no benefit because package managers typically already perform
these tasks as needed.

* Script runs tasks that users may not want: clears cache, empties
trash

* Script makes runtime assumptions that don't necessarily hold (e.g.,
certain variables are not empty), potentially unintentionally altering
system files.

[1] https://aur.archlinux.org/account/xiota/
[2] https://aur.archlinux.org/pkgbase/upg/
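
The first point of the request (a git source with no commit pin, so upstream can move a tag and makepkg will silently build something else) is easy to check mechanically. The following is an added example written for this page; it is not part of xiota's request or of the upg package, and the repository URL and commit hash in it are constructed placeholders. For a VCS source the checksum entry is necessarily `SKIP`, so the `#commit=` fragment is the only thing in the PKGBUILD that fixes which tree gets built; `#tag=` and `#branch=` are mutable references. (makepkg's `?signed` source option with `validpgpkeys` is the stronger alternative, and is not modelled here.)

```shell
#!/bin/sh
# Added example (not from the deletion request or from upg): classify how a
# PKGBUILD git source entry is anchored and flag entries that can be
# retargeted upstream.  Source strings below are constructed; the URL is a
# placeholder, not the real upstream of upg.

# Print how a source entry is anchored: commit, tag, branch or head.
# Only "commit" is immutable; a tag or branch can be moved at any time and
# "head" just follows whatever the default branch points at when you build.
classify_source() {
    case "$1" in
        *'#commit='*) echo commit ;;
        *'#tag='*)    echo tag ;;
        *'#branch='*) echo branch ;;
        *)            echo head ;;
    esac
}

# Return 0 if the entry pins a full 40-hex commit object name, 1 otherwise.
# makepkg would also accept an abbreviated hash, but the check insists on the
# full SHA-1 so a short prefix cannot be made ambiguous by new upstream objects.
vcs_source_pinned() {
    case "$1" in
        *'#commit='*)
            frag=${1##*#commit=}
            case "$frag" in
                *[!0-9a-fA-F]*) return 1 ;;   # something other than hex digits
            esac
            [ "${#frag}" -eq 40 ]
            ;;
        *) return 1 ;;
    esac
}

# Constructed entries, in the form they would take in a PKGBUILD source=() array.
UNPINNED='git+https://example.invalid/upstream/upg.git'
TAGGED='git+https://example.invalid/upstream/upg.git#tag=v1.2.0'
SHORT='git+https://example.invalid/upstream/upg.git#commit=0123456'
PINNED='git+https://example.invalid/upstream/upg.git#commit=0123456789abcdef0123456789abcdef01234567'

for src in "$UNPINNED" "$TAGGED" "$SHORT" "$PINNED"; do
    if vcs_source_pinned "$src"; then
        printf '%-7s OK   %s\n' "$(classify_source "$src")" "$src"
    else
        printf '%-7s WARN %s (can be retargeted upstream)\n' "$(classify_source "$src")" "$src"
    fi
done
```

Run against a real PKGBUILD by feeding each element of its `source=()` array to `vcs_source_pinned`; anything that reports WARN means the build output depends on upstream's current refs rather than on what the AUR maintainer reviewed.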
